Linux Kernel

13804 matches found

added 2017/02/08 3:0 p.m., 64 views

CVE-2017-0439

CVE-2017-0439 describes a local privilege-escalation vulnerability in the Qualcomm Wi‑Fi driver for Android, affecting Kernel-3.10 and Kernel-3.18. The issue could allow a local malicious app to execute arbitrary code in the kernel context after compromising a privileged process. The Android Prod...

CVSS 7.6, AI score 6.6, EPSS 0.0089

added 2017/02/08 3:0 p.m., 64 views

CVE-2017-0443

CVE-2017-0443 describes an elevation of privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context. The vulnerability requires compromising a privileged process to gain initial access, and affects Android devices using...

CVSS 7.6, AI score 6.6, EPSS 0.00882

added 2017/04/07 10:0 p.m., 64 views

CVE-2017-0579

CVE-2017-0579 is a local elevation-of-privilege issue in the Qualcomm Video driver on Android, enabling a local malicious app to execute arbitrary kernel code. Affected: Android kernel 3.10 and 3.18; root cause: Qualcomm video driver elevation of privilege. Exploitation status is not detailed in ...

CVSS 7.6, AI score 6.9, EPSS 0.01496

added 2017/04/19 11:0 p.m., 64 views

CVE-2017-7979

CVE-2017-7979 affects the Linux kernel 4.11.x via the packet action API (net/sched/act_api.c). The vulnerability arises from mishandling the tb nlattr array in the cookie feature, enabling a local attacker to trigger denial of service through uninitialized memory access and a refcount underflow, ...

CVSS 7.8, AI score 8.1, EPSS 0.00395

added 2024/03/15 8:14 p.m., 64 views

CVE-2021-47129

CVE-2021-47129 (Linux kernel): The netfilter nft_ct logic could trigger invalid CT helper usage. Specifically, nft_ct_expect_obj_eval() called nf_ct_ext_add() for a confirmed conntrack entry, but nf_ct_ext_add() only accepts unconfirmed entries, causing an invalid path and warning in nf_conntrac...

CVSS 4.6, AI score 5.8, EPSS 0.00546

added 2024/05/21 2:19 p.m., 64 views

CVE-2021-47268

CVE-2021-47268: Unity/Linux kernel advisory describes a fix for usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port, addressing a pending hrtimer that may expire after tcpm port destruction. Root cause is a pending hrtimer in tcpm that could fire during module unload,...

CVSS 7.8, AI score 6.5, EPSS 0.00231

added 2024/05/21 2:35 p.m., 64 views

CVE-2021-47322

CVE-2021-47322 affects the Linux kernel NFSv4 pnfs_mark_request_commit() when rescheduling a set of writes on the commit list after a failed pNFS attempt, causing an OOPS in O_DIRECT paths. The vulnerability is addressed by fixes in the kernel (as described in the CVE entry and linked references)...

CVSS 7.8, AI score 6.6, EPSS 0.00256

added 2025/02/26 1:54 a.m., 64 views

CVE-2021-47655

CVE-2021-47655 affects the Linux kernel component media: venus: vdec. The root cause is a memory-leak risk in venus_helper_alloc_dpb_bufs() where an early return on an error path (ida_alloc_min()) could skip releasing previously allocated buffers. The fix moves the direct kfree() from the dma_all...

CVSS 5.5, AI score 5.4, EPSS 0.00226

added 2022/09/13 3:36 p.m., 64 views

CVE-2022-3170

CVE-2022-3170 affects the Linux kernel sound subsystem. The vulnerability is an out-of-bounds access that can occur when the user-provided id->name does not end with a NUL character, allowing a privileged local user to trigger a crash or potentially escalate privileges via an ioctl() path. The...

CVSS 7.8, AI score 7.3, EPSS 0.00229

added 2024/04/28 1:1 p.m., 64 views

CVE-2022-48661

CVE-2022-48661 in the Linux kernel relates to the gpio: mockup code where, if software node creation fails, the locally allocated string array isn’t freed, causing a potential resource leakage. The available connected documentation confirms this root cause and states the vulnerability has been re...

CVSS 5.5, AI score 6.7, EPSS 0.00223

added 2024/10/21 8:5 p.m., 64 views

CVE-2022-48952

CVE-2022-48952 affects the Linux kernel PCI mt7621 path. The issue was a missing sentinel in the soc_device_attribute array, causing an oops during soc_device_match(mt7621_pcie_quirks_match). The fix adds the required sentinel in the attribute table (commit 7c18b64bba3b) and updates mt7621 exposu...

CVSS 5.5, AI score 5.3, EPSS 0.00233

added 2024/10/21 8:5 p.m., 64 views

CVE-2022-48963

CVE-2022-48963 refers to a Linux kernel flaw in net: wwan: iosm where a memory leak could occur if allocation of ipc_mux->ul_adb.pp_qlt in ipc_mux_init() fails, leaving ipc_mux unreleased. The CVE is documented as resolved in multiple vendor advisories; the NVD entry cites a CVSSv3.1 base scor...

CVSS 5.5, AI score 5.2, EPSS 0.002

added 2025/02/26 2:11 a.m., 64 views

CVE-2022-49391

CVE-2022-49391 — Linux kernel remoteproc mtk_scp double free. The issue concerns the removal path for scp->rproc: it is allocated via devm_rproc_alloc(), so an explicit free in the remove function was unnecessary. The vulnerabilities describe a potential double free in the mtk_scp remoteproc ...

CVSS 7.8, AI score 5.4, EPSS 0.00229

added 2025/02/26 2:12 a.m., 64 views

CVE-2022-49425

The CVE-2022-49425 entry concerns a Linux kernel f2fs bug where a stale list iterator could become a bogus pointer after a loop, leading to dereferencing cur->page and possibly loading an out-of-bounds/undefined value during a comparison to find a specific element. The vulnerability arises whe...

CVSS 5.5, AI score 6.3, EPSS 0.00241

added 2025/02/26 2:24 a.m., 64 views

CVE-2022-49684

The connected documents confirm CVE-2022-49684 relates to the Linux kernel, specifically the iio: adc: aspeed code. The issue is a refcount leak in aspeed_adc_set_trim_data caused by of_find_node_by_name() returning a node pointer with an incremented refcount; the remediation is to call of_node_p...

CVSS 5.5, AI score 6.4, EPSS 0.00204

added 2025/06/18 11:0 a.m., 64 views

CVE-2022-49949

The CVE-2022-49949 issue affects the Linux kernel’s firmware_loader path and is resolved by fixing a memory leak during firmware upload. Specifically, an instance of struct fw_upload is allocated in firmware_upload_register() and must be freed in fw_dev_release(). The remedy introduces a dedicate...

CVSS 5.5, AI score 6.5, EPSS 0.00179

added 2025/06/18 11:0 a.m., 64 views

CVE-2022-49974

CVE-2022-49974 refers to a Linux kernel vulnerability in the HID Nintendo driver where a null pointer could be dereferenced when queuing rumble work to a destroyed workqueue. The root cause is attempting to queue work after the controller is disconnected and nintendo_hid_remove has destroyed the ...

CVSS 5.5, AI score 6.4, EPSS 0.00175

added 2025/06/18 11:2 a.m., 64 views

CVE-2022-50080

CVE-2022-50080 (Linux kernel) affects the kernel code path for tee/shm handling. The issue is an integer overflow in register_shm_helper() when calculating pages for a memory region supplied by user space, which can lead to a NULL pointer dereference in internal_get_user_pages_fast() via pin_user_pag...

CVSS 5.5, AI score 6.3, EPSS 0.00218

added 2025/06/18 11:2 a.m., 64 views

CVE-2022-50108

CVE-2022-50108 affects the Linux kernel via the mfd: max77620 sub-system. The root cause is a refcount leak in max77620_initialise_fps: of_get_child_by_name() returns a node pointer with an incremented refcount, and the patch adds missing of_node_put() to release it when no longer needed. The iss...

CVSS 5.5, AI score 6.4, EPSS 0.00198

added 2025/06/18 11:2 a.m., 64 views

CVE-2022-50123

CVE-2022-50123 affects the Linux kernel ASoC Mediatek mt8173 stack (mt8173_rt5650_rt5676_dev_probe). Root cause: of_parse_phandle() returns a node pointer with an incremented refcount and missing of_node_put() in error paths, leading to a potential refcount leak. The connected advisories document...

CVSS 5.5, AI score 6.5, EPSS 0.00156

added 2025/06/18 11:3 a.m., 64 views

CVE-2022-50145

The CVE-2022-50145 issue affects the Linux kernel’s dmaengine sf-pdma path. A data race allows multiple threads to rewrite a DMA channel descriptor, risking NULL pointer dereference and OOPS/hang when device_prep_dma_memcpy() is called concurrently. The vulnerability manifests as a multithreading...

CVSS 5.5, AI score 6.4, EPSS 0.00155

added 2025/06/18 11:3 a.m., 64 views

CVE-2022-50183

Summary: CVE-2022-50183 affects the Linux kernel’s DRM Meson encoder_cvbs path. The issue is a refcount leak in the initialization flow of meson_encoder_cvbs_init, caused by not calling of_node_put() on the remote node obtained via of_graph_get_remote_node(). This leads to a local leak in the ref...

CVSS 5.5, AI score 6.5, EPSS 0.00195

added 2025/06/18 11:3 a.m., 64 views

CVE-2022-50186

The CVE-2022-50186 entry concerns a Linux kernel issue in ath11k where on htc_tx_completion error the skb was not dropped, leading to a memory leak. The documented fix ensures the skb is freed on eid >= ATH11K_HTC_EP_COUNT before returning, as the completion_handler expects consumption even in...

CVSS 5.5, AI score 6.5, EPSS 0.00201

added 2025/06/18 11:3 a.m., 64 views

CVE-2022-50188

CVE-2022-50188 is a Linux kernel vulnerability where a refcount leak in drm/meson was fixed. The issue arose because of how of_find_device_by_node() held a reference, with missing put_device() in the error path, leading to a refcount leak. The fix patches the kernel (meson_encoder_hdmi_init) to r...

CVSS 5.5, AI score 6.4, EPSS 0.00197

added 2024/05/21 3:31 p.m., 64 views

CVE-2023-52839

CVE-2023-52839 describes a Linux kernel vulnerability in perf where broadcasting to other CPUs when starting a counter was removed as part of a fix (commit 3fec323339a4). Root cause: unnecessary broadcast in perf code could lead to a warning and potential instability; fix eliminates the broadcast...

CVSS 3.3, AI score 6.5, EPSS 0.00209

added 2025/05/02 3:55 p.m., 64 views

CVE-2023-53061

CVE-2023-53061 affects the Linux kernel (ksmbd) and describes a refcount leak in smb2_open() where the reference count of acls can leak if memory allocation fails. The fix adds the missing posix_acl_release() to prevent the leak. Connected documents confirm the vulnerability was addressed in the ...

CVSS 5.5, AI score 6.5, EPSS 0.00159

added 2024/06/24 1:56 p.m., 64 views

CVE-2024-32936

CVE-2024-32936 concerns the Linux kernel, specifically the TI j721e CSI2 RX DMA driver. The vulnerability arises when a frame is submitted to DMA: the submitted list may not be updated quickly enough, causing the DMA callback to fire before the list update completes. This race can lead to kernel ...

CVSS 4.7, AI score 6.4, EPSS 0.00138

added 2024/06/19 1:37 p.m., 64 views

CVE-2024-38584

In CVE-2024-38584, the Linux kernel net: ti: icssg_prueth prueth_probe() dereferenced a NULL pointer when emac_phy_connect() failed and of_phy_connect() returned NULL, leading to NULL pointer dereference in phy_attached_info(). The public fix is to check the return code of emac_phy_connect and fa...

CVSS 5.5, AI score 7.1, EPSS 0.00225

added 2024/07/12 12:31 p.m., 64 views

CVE-2024-40949

CVE-2024-40949: Linux kernel vulnerability in shmem swapin where replacing an old shmem folio could cause mem_cgroup_migrate() to clear the old folio’s memcg data, leading to incorrect memcg lruvec association and potential LRU list crashes or wrong statistics. The fix branches to use mem_cgroup_...

CVSS 5.5, AI score 7, EPSS 0.00208

added 2024/07/12 12:31 p.m., 64 views

CVE-2024-40950

CVE-2024-40950 (Linux kernel): The issue concerns mistaken use of mapping_large_folio_support for anonymous folios in THP handling, causing a mis-split of anon THP when splitting huge pages. Root cause: anon folios could be passed to mapping_large_folio_support() in split_huge_page_to_list_to_or...

CVSS 5.5, AI score 6.4, EPSS 0.00208

added 2024/08/08 8:49 a.m., 64 views

CVE-2024-42254

CVE-2024-42254 affects the Linux kernel io_uring subsystem. The issue stems from inconsistent NULL vs IS_ERR error handling in io_alloc_pbuf_ring(), leading to a KASAN null pointer dereference in __io_remove_buffers and related cleanup paths (/io_uring/kbuf.c and io_uring.c). The vulnerability wa...

CVSS 5.5, AI score 6.5, EPSS 0.0021

added 2024/09/11 3:13 p.m., 64 views

CVE-2024-45024

The CVE-2024-45024 issue in the Linux kernel concerns page-table locking around hugetlb folios during GUP page-walking. The fix implements a technique to use a PTE lock pointer (ptep_lockptr) so the PTE page-table lock can be acquired consistently with core-mm locking, addressing locking mismatch...

CVSS 5.5, AI score 5.2, EPSS 0.00139

added 2024/12/27 2:22 p.m., 64 views

CVE-2024-56553

CVE-2024-56553 is a Linux kernel memory-leak fix in the binder subsystem. The issue occurred when a freeze notification is cleared (BC_CLEAR_FREEZE_NOTIFICATION) before binder_freeze_notification_done(), leaving entries in proc->delivered_freeze queued and leaking on process exit. The patch en...

CVSS 5.5, AI score 6.4, EPSS 0.00182

added 2025/05/20 4:58 p.m., 64 views

CVE-2025-37975

CVE-2025-37975: Linux kernel riscv module relocation fix for out‑of‑bounds access in relocation handling. The patch replaces the end‑of‑relocation access rel[j] with a bounds‑checked approach using num_relocations, effectively correcting the relocation size calculation. The vulnerability is desc...

CVSS 7.1, AI score 6.7, EPSS 0.0015

added 2004/09/01 4:0 a.m., 63 views

CVE-2001-0914

The CVE-2001-0914 issue affects the Linux kernel prior to 2.4.11pre3. It allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, with the root cause described as potentially poor error checking during ELF loading. Publicly available documents name the affected...

CVSS 2.1, AI score 6.6, EPSS 0.0039

added 2002/08/31 4:0 a.m., 63 views

CVE-2001-1398

The CVE-2001-1398 issue affects the Linux kernel prior to 2.2.19, arising from the masquerading code where packet length checks were lax, potentially enabling kernel memory writes via the CPIA driver off-by-one bug. Confirmed in multiple advisories (Mandrake MDKSA-2001:037 and Debian/Debian DSA-0...

CVSS 7.5, AI score 5.4, EPSS 0.02857

added 2005/12/03 12:0 a.m., 63 views

CVE-2004-2607

CVE-2004-2607 is a local-read vulnerability in the Linux kernel (sdla_xfer) caused by casting a large len argument received as int to a short, preventing a read loop from filling a buffer. The description applies to Linux kernel 2.6.x (up to 2.6.5) and 2.4 (up to 2.4.29-rc1). Public documents con...

CVSS 2.1, AI score 5.7, EPSS 0.0046

added 2006/03/14 2:0 a.m., 63 views

CVE-2006-0457

CVE-2006-0457 is a race condition in the Linux kernel 2.6.x key-control flow (add_key, request_key, keyctl). The bug allows local users to crash the kernel or read sensitive kernel memory by altering the length of a string argument between the kernel calculating length and copying data into kerne...

CVSS 7.1, AI score 7.1, EPSS 0.02726

added 2006/05/12 1:0 a.m., 63 views

CVE-2006-1860

CVE-2006-1860 affects the Linux kernel up to and including 2.6.16.15, with the fix released in 2.6.16.16. The issue is in lease_init (fs/locks.c) where a lock could be freed that might not have been allocated on the stack, allowing a local attacker to cause a denial of service (fcntl_setlease loc...

CVSS 2.1, AI score 7.3, EPSS 0.00434

added 2006/11/07 12:0 a.m., 63 views

CVE-2006-4572

CVE-2006-4572 concerns the Linux kernel’s netfilter ip6_tables. Affects the IPv6 tables implementation in versions prior to 2.6.16.31, allowing remote attackers to bypass security rules: (1) a protocol-disallow rule via a fragment header-adjacent protocol header, and (2) a header-extension rule v...

CVSS 7.5, AI score 7.2, EPSS 0.03505

added 2006/10/17 10:0 p.m., 63 views

CVE-2006-5173

CVE-2006-5173 concerns the Linux kernel: local users can trigger a denial-of-service by mismanaging EFLAGS during context switches and thread creation (Alignment Check flag 0x40000), causing SIGBUS in other processes with unaligned accesses. Multiple connected sources confirm the issue and refere...

CVSS 2.1, AI score 7, EPSS 0.00412

added 2007/01/04 2:0 a.m., 63 views

CVE-2006-5749

The CVE-2006-5749 issue affects the Linux kernel 2.4 series up to, but not including, 2.4.34-rc4. It concerns the isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c, which does not call init_timer for the ISDN PPP CCP reset state timer. The underlying cause is a timer initializati...

CVSS 1.7, AI score 7.1, EPSS 0.00355

added 2007/08/13 9:0 p.m., 63 views

CVE-2007-4311

The CVE-2007-4311 issue affects the Linux kernel random driver (drivers/char/random.c) where reseed operations reuse only the first bytes of a buffer due to incorrect use of sizeof, reducing entropy and potentially making RNG output more predictable. It is described for Linux 2.4.x builds prior t...

CVSS 6.8, AI score 6.1, EPSS 0.01729

added 2008/05/12 9:0 p.m., 63 views

CVE-2008-2148

CVE-2008-2148 affects the Linux kernel: UTIME_NOW/UTIME_OMIT handling in sys_utimensat in 2.6.22 and older than 2.6.25.3 allows a local user to modify the timestamps of arbitrary files, potentially causing a denial of service. The root cause is improper permission checks for certain UTIME_NOW/UTI...

CVSS 3.6, AI score 6, EPSS 0.00388

added 2012/06/13 10:0 a.m., 63 views

CVE-2011-2493

The CVE-2011-2493 entry affects the Linux kernel, specifically the ext4_fill_super function in fs/ext4/super.c, with vulnerability present in versions prior to 2.6.39. The issue arises from improper initialization of an error-report data structure, enabling local users to cause a denial of servic...

CVSS 2.1, AI score 7.3, EPSS 0.00466

added 2013/11/04 11:0 a.m., 63 views

CVE-2013-2058

The CVE-2013-2058 issue affects the Linux kernel prior to 3.7.4, specifically the host_start function in drivers/usb/chipidea/host.c. Affected code does not properly handle a certain non‑streaming option, enabling a local attacker to trigger a denial of service (system crash) by sending a large a...

CVSS 4.7, AI score 5.8, EPSS 0.00452

added 2013/11/12 1:0 a.m., 63 views

CVE-2013-4512

CVE-2013-4512 describes a buffer overflow in the Linux kernel's user-mode Linux port, specifically in the write method of /proc/exitcode (exitcode_proc_write) in arch/um/kernel/exitcode.c, exploitable by local attackers with sufficient privileges. The vulnerability exists in kernels prior to 3.12...

CVSS 4.7, AI score 7.1, EPSS 0.00476

added 2016/11/16 4:49 a.m., 63 views

CVE-2016-7912

The CVE-2016-7912 entry describes a use-after-free in the Linux kernel involving ffs_user_copy_worker in drivers/usb/gadget/function/f_fs.c, prior to version 4.5.3. This flaw lets local users escalate privileges by accessing an I/O data structure after a callback, as documented in multiple source...

CVSS 9.3, AI score 7.3, EPSS 0.0211

added 2017/03/08 1:0 a.m., 63 views

CVE-2016-8417

CVE-2016-8417 describes an elevation-of-privilege vulnerability in the Qualcomm camera driver on Android. The issue could let a local malicious application execute arbitrary code in the kernel context by exploiting the Qualcomm camera driver (in Android kernel versions 3.10 and 3.18). The vulnera...

CVSS 7.6, AI score 6.7, EPSS 0.01486

added 2017/01/12 8:0 p.m., 63 views

CVE-2016-8430

CVE-2016-8430 affects the NVIDIA Tegra kernel driver (NVHOST) on Android, where a mismanaged memory reference (use-after-free) can let a local attacker cause a denial of service or escalate to kernel code execution. The issue is described as elevation of privilege with potential for local persis...

CVSS 9.3, AI score 7.4, EPSS 0.01703

Total number of security vulnerabilities: 13804